[tor-relays] List of Relays' Available SSH Auth Methods

tor-exit0 tor-exit0 at intersafeit.com
Tue Nov 18 19:06:36 UTC 2014


On Tue, Nov 18, 2014 at 10:09:37AM -0500, Libertas wrote:
> Hi, everyone. Linked below is a list of relays that were live last night
> along with the SSH authentication methods they support:
[snip]
> Generally, it is far more secure to allow only public key auth.

Nobody has mentioned using single packet authentication via fwknopd. I
get the warm fuzzies when one must pass this challenge before a
sensitive port is opened for your sourcing IP and for only X number of
seconds before it's closed. SPA has more to offer than simple port
knocking and there are plenty of client options available. Is there a
reason more relay operators aren't using it?

It also seems that fail2ban is more favored than csf although the
features of additional login notifications and some password brute force
protection are similar. Are there reasons that a person would favor one
over the other? I'd like to mention that it seems the brute force
protection doesn't offer a lot of protection if the attack is
distributed and only 1 attempt is ever seen from a given IP. Still
better than nothing and all simply an additional layer with single
packet authentication enabled.
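
The distributed brute-force point above, as an added example that is not part of the original post or of fail2ban/csf: a per-source-IP threshold is compared with a per-account count of distinct sources over constructed sshd log lines. The function names, thresholds, log year and sample addresses (documentation ranges) are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log (not real data): 12 sources try root once each,
# one source hammers "admin" six times, one legitimate key login.
SAMPLE = [
    f"Nov 18 03:{10 + i // 6:02d}:{(i % 6) * 10:02d} relay sshd[{2000 + i}]: "
    f"Failed password for root from 198.51.100.{i + 1} port {40000 + i} ssh2"
    for i in range(12)
] + [
    f"Nov 18 03:20:{i * 5:02d} relay sshd[3000]: Failed password for "
    f"invalid user admin from 203.0.113.9 port 50000 ssh2"
    for i in range(6)
] + ["Nov 18 03:25:00 relay sshd[3100]: Accepted publickey for operator "
     "from 192.0.2.10 port 50022 ssh2"]

FAILED = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
                    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(lines, year=2014):
    """Return (time, user, ip) for each failed password line.
    Syslog timestamps carry no year, so the year is an assumption."""
    events = []
    for line in lines:
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events.append((ts, m.group(2), m.group(3)))
    return events

def per_ip_offenders(events, maxretry=5, findtime=600):
    """Per-source rule: an IP with maxretry failures inside findtime seconds."""
    hits, offenders = defaultdict(list), set()
    for t, _user, ip in sorted(events):
        hits[ip] = [x for x in hits[ip] if (t - x).total_seconds() <= findtime] + [t]
        if len(hits[ip]) >= maxretry:
            offenders.add(ip)
    return offenders

def distributed_targets(events, min_sources=10, window=600):
    """Per-account rule: a user failing from min_sources distinct IPs in window."""
    recent, flagged = defaultdict(list), set()
    for t, user, ip in sorted(events):
        recent[user] = [(x, s) for x, s in recent[user]
                        if (t - x).total_seconds() <= window] + [(t, ip)]
        if len({s for _, s in recent[user]}) >= min_sources:
            flagged.add(user)
    return flagged
```

On the sample, the per-IP rule catches only the single noisy source, while the per-account rule is what surfaces the twelve one-attempt sources aimed at root.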

